What is 21 CFR Part 11?
In their dealings with the US Food and Drugs Administration (FDA), some organizations, including pharmaceutical companies, are required to provide documents to the FDA, and to keep documents internally for archiving purposes.
Using physical documents exclusively (paper, films etc.) would impose an unnecessary regulatory burden to these organizations in terms of productivity and efficiency. More and more, documents are available in electronic format, either natively or after scanning.
Therefore, title 21, part 11 of the Code of Federal Regulations (21 CFR Part 11) details the conditions required for:
• Archiving and providing to the FDA certain documents in electronic format in place of physical format.
• Using electronic signatures in place of regular signatures.
Not all documents required by the FDA may be submitted in electronic format. The list of documents for which electronic format is considered official can be consulted on-line in public docket 92s-0251.
Current status of 21 CFR Part 11
21 CFR Part 11 is effective since August 20th 1997. As its content generated many comments in the industry, the FDA issued a compliance policy guide and draft guidance documents over the next years, which were later rescinded.
In August 2003, the FDA issued a “Guidance for Industry”. In that document, the FDA announced its intention to revise specific aspects of the regulation. Since the 21 CFR Part 11 remains valid and enforceable, we will include in this document the necessary caveats when we comment the parts that will probably change in the next months.
Single Sign-On and 21 CFR Part 11
A Single Sign-On (SSO) tool can be part of an environment compliant with 21 CFR Part 11.
SSO provides end-user ease of use and boots productivity. This can be of considerable help in managing the proliferation of application specific IDs, passwords and hardware-based authentication.
Evidian’s Enterprise Access Management provides Identity and Access Management to existing applications (open or closed systems). It can help organizations achieve compliance for their processes.
This document explains in a table, how Evidian Enterprise Access Management answers to each requirement of the 21CFR Part 11 paragraph.